6276d17a64c63154c1c2f07f53eef29fcff1c2790790342fe16ee48979d65d50 | Triage

Sharing

General

Target

6276d17a64c63154c1c2f07f53eef29fcff1c2790790342fe16ee48979d65d50
Size

198KB
Sample

221123-vpy76sce8t
MD5

5283cfedcc72a3754b552b046ef33170
SHA1

7a45335e9b32845d2ba620cde61013d3e600cfe9
SHA256

6276d17a64c63154c1c2f07f53eef29fcff1c2790790342fe16ee48979d65d50
SHA512

4864d7b9c2a9c0300ac3fce063bf2565fab41bdba0f61d20bedd6020bd9d454561de7f4a02c3660f340950dbcec37971a7e001e7469ee41a614e632d6ecedd65
SSDEEP

6144:znycVxqMDbbFDhCW4C92lHf8mhBKIwlplA:DpVxqSbbFDhT2RkmHGTl

Score

10^/10

evasion trojan vmprotect

Malware Config

Targets

- Target
  
  6276d17a64c63154c1c2f07f53eef29fcff1c2790790342fe16ee48979d65d50
- Size
  
  198KB
- MD5
  
  5283cfedcc72a3754b552b046ef33170
- SHA1
  
  7a45335e9b32845d2ba620cde61013d3e600cfe9
- SHA256
  
  6276d17a64c63154c1c2f07f53eef29fcff1c2790790342fe16ee48979d65d50
- SHA512
  
  4864d7b9c2a9c0300ac3fce063bf2565fab41bdba0f61d20bedd6020bd9d454561de7f4a02c3660f340950dbcec37971a7e001e7469ee41a614e632d6ecedd65
- SSDEEP
  
  6144:znycVxqMDbbFDhCW4C92lHf8mhBKIwlplA:DpVxqSbbFDhT2RkmHGTl
Score

10^/10

evasion trojan vmprotect
- UAC bypass
  evasion trojan
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasiontrojanvmprotect

behavioral2

evasiontrojanvmprotect